snyk / parlay

Enrich SBOMs with data from third party services
Apache License 2.0

snyk enrich doesn't return vulnerabilities #27

Closed fingeromer closed 1 year ago

fingeromer commented 1 year ago

when I run cat before_parlay.json | ./parlay ecosystems enrich - | ./parlay snyk enrich -

on

{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "serialNumber": "1",
  "version": 1,
  "metadata": {
    "timestamp": "1496244605"
  },
  "component": {
    "name": "api",
    "type": "application"
  },
  "components": [
    {
      "type": "library",
      "name": "request",
      "version": "2.88.0",
      "purl": "pkg:npm/request@2.88.0"
    }
  ]
}

I get

{"bomFormat":"CycloneDX","specVersion":"1.3","serialNumber":"1","version":1,"metadata":{"timestamp":"1496244605"},"components":[{"type":"library","supplier":{"name":"request"},"author":"request","name":"request","version":"2.88.0","description":"Simplified HTTP request client.","licenses":[{"expression":"Apache-2.0"}],"purl":"pkg:npm/request@2.88.0","externalReferences":[{"url":"https://github.com/request/request","type":"website"},{"url":"https://www.npmjs.com/package/request","type":"distribution"},{"url":"https://github.com/request/request","type":"vcs"}],"properties":[{"name":"ecosystems:first_release_published_at","value":"2011-01-22T00:36:12Z"},{"name":"ecosystems:latest_release_published_at","value":"2020-02-11T16:35:36Z"}]}],"vulnerabilities":null}

no vulnerabilities, even though this library has some: https://security.snyk.io/package/npm/request/2.88.0

mcombuechen commented 1 year ago

Hey @fingeromer, thanks for opening this issue. Did you provide a Snyk token (env var SNYK_TOKEN) in the environment, as mentioned here?

omerfinger commented 1 year ago

Sorry, I didn't. It seems like that's the issue.

I went by this: https://snyk.io/blog/introducing-parlay/

So I assumed it should work without any pre-configuration.

Thank you!

garethr commented 1 year ago

The README mentions the requirement for the authentication here. Will close the issue, but any other problems let us know.
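The failure mode in this thread is that running `parlay snyk enrich` without SNYK_TOKEN yields `"vulnerabilities": null`, which is easy to misread as a clean SBOM. The following is an added example, not code from the issue or from parlay, of a small CI guard that refuses to proceed without the token and distinguishes a null field (enrichment did not happen) from an empty list (enrichment ran, nothing reported); the function names, the treatment of an absent field as "not enriched", and the assumption that an authenticated run with no findings produces an empty list are mine.

```python
import json
import os
from typing import Mapping, Optional

# Hypothetical helper names; parlay itself exposes nothing like these.
SNYK_TOKEN_VAR = "SNYK_TOKEN"


def preflight_snyk_token(env: Mapping[str, str] = os.environ) -> Optional[str]:
    """Return an error message if SNYK_TOKEN is missing or blank, else None."""
    token = env.get(SNYK_TOKEN_VAR, "").strip()
    if not token:
        return (f"{SNYK_TOKEN_VAR} is not set; 'parlay snyk enrich' will emit "
                '"vulnerabilities": null instead of real findings')
    return None


def classify_enrichment(enriched_sbom: str) -> str:
    """Classify the 'vulnerabilities' field of an enriched CycloneDX document.

    'not_enriched' -> field absent or null: the Snyk step did not run (assumed
                      to mean missing auth, as in the issue)
    'no_findings'  -> empty list: the step ran and reported nothing (assumption)
    'findings'     -> non-empty list of vulnerability objects
    """
    doc = json.loads(enriched_sbom)
    vulns = doc.get("vulnerabilities")
    if vulns is None:
        return "not_enriched"
    if not isinstance(vulns, list):
        raise ValueError("'vulnerabilities' must be a JSON array or null")
    return "findings" if vulns else "no_findings"


# Constructed sample: the output quoted in the issue, reduced to relevant fields.
SAMPLE_NO_TOKEN = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.3", "version": 1,
    "components": [{"type": "library", "name": "request", "version": "2.88.0",
                    "purl": "pkg:npm/request@2.88.0"}],
    "vulnerabilities": None,
})

if __name__ == "__main__":
    # In CI: fail the job on either a missing token or a 'not_enriched' verdict.
    problem = preflight_snyk_token()
    verdict = classify_enrichment(SAMPLE_NO_TOKEN)
    print(problem or "token present", "|", verdict)
```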